Record level security

I want to restrict which records someone can see. I know I can restrict tables and the like, but I have a client with records in an existing database and each one has an account type attached to it. They want to restrict some people from seeing some accounts.

Anyone know of a simple way to keep certain records hidden? I don't even want them read, but they have to be able to use the same table with records that they should see.

2) setting up the UI so that the user's don't normally try to view forbidden records only to get error messages or "Access Denied" screens.

Some tricks for #2:

Any find performed by user or script automatically omits forbidden records. So performing a find that should find all records when the user opens the file or enters a layout will actually find only permitted records.

Custom menus can be set up that either remove "Show All" and "Show Omitted" from the records menu or replace them with scripts that only bring up permitted records.